US20030105971A1 - Location-based security for a portable computer - Google Patents
Location-based security for a portable computer Download PDFInfo
- Publication number
- US20030105971A1 US20030105971A1 US10/006,331 US633101A US2003105971A1 US 20030105971 A1 US20030105971 A1 US 20030105971A1 US 633101 A US633101 A US 633101A US 2003105971 A1 US2003105971 A1 US 2003105971A1
- Authority
- US
- United States
- Prior art keywords
- location
- computer
- operating mode
- remote network
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2111—Location-sensitive, e.g. geographical location, GPS
Definitions
- the present invention generally relates to computer security. More particularly, the resent invention relates to location-based computer identity which can be seen as a component in security system. Still more particularly, the invention relates to the use of a location device, such as GPS receiver, to select one of a plurality of user access or security modes based on the location of the computer.
- a location device such as GPS receiver
- a laptop computer can be used from a remote location, such as a house or a hotel room, to log on to a company's network.
- a password is required before access is permitted.
- that user will have full access to the network, just as if the user had logged in from his or her office at the company.
- systems could define access based on the connection point, but even that differentiation is gone.
- an electronic system e.g., portable computer device embodying an access control (or security) system which provides varying levels of access based on the location of the system.
- the system includes a location module, such as a geosynchronous positioning system (“GPS”) receiver. This would permit the system to determine its location relative to a plurality of preset location areas.
- location areas might be programmed to include the user's office, home, predetermined location for a business trip and the like.
- the system determines in which location area it currently is located and invokes an access mode associated with that particular location area.
- the various access modes can range from permitting the user full access to a local system or remote network, to permitting very limited access to a local system or remote network or to any access to the local or remote system. Such limited access might be limited to just email access or read only access to certain files contained on a remote network or on the local computer system itself.
- the various location areas preferably are predefined and can be updated whenever necessary by the user or a network administrator.
- FIG. 1 is a preferred computer system diagram in which a location module is included as a basis for the security system of the computer.
- System 100 preferably comprises a computer system and more preferably a portable computer (e.g., a desktop computer or a laptop or handheld device).
- computer system 100 includes a host processor 102 , a north bridge 104 , system memory 106 , a south bridge 110 , an input device 112 (e.g., a mouse or keyboard), a display subsystem 114 , and various peripheral devices 120 and 122 coupled to the north bridge 104 via a bus 108 .
- the north bridge couples to the processor 102 , memory 106 and display subsystem 114 , and couples to the south bridge 110 via bus 108 which preferably comprises a peripheral component interconnect (“PCI”) bus (or equivalent).
- PCI peripheral component interconnect
- the peripheral devices 120 and 122 couple to the PCI bus 108 , but alternatively may attach to the system in other ways.
- Peripheral device 120 preferably comprises a communication port to provide access to a remote network.
- Device 120 may comprise, for example, network interface card (“NIC”), modem or other means for permitting the computer 100 to communicate with a remote network.
- NIC network interface card
- Peripheral device 122 preferably comprises a location module which provides location information to the computer.
- the location information may be an absolute location or a location relative to a reference point.
- the module may include a geosynchronous positioning system (“GPS”) receiver, a low earth orbit satellite (“LEOS”) receiver, or any other type of device that provide spatial location information to the computer.
- GPS geosynchronous positioning system
- LEOS low earth orbit satellite
- the location module 122 may comprise a cellular telephone transceiver which, using triangulation, can be used to provide location information.
- the location module 122 is selected and designed to provide whatever accuracy is desired.
- the computer 100 implements an access/security scheme or mode (generally referred to as an “operating mode” in the claims) that is based on the location of the computer.
- the access/security modes specify certain log on and/or access privileges to a local system or remote network and are thus dependent on the location of the computer relative to a plurality of predetermined or programmed location areas. Once it is determined in which location area the computer currently resides, an access/security mode predetermined for that particular area is invoked.
- security can be customized to location.
- access can be decreased or the security can be increased as the computer moves outside a geographic region (e.g., the user's office).
- the access/security mode can be implemented on the computer 100 itself and/or communicated to the remote network for implementation. If the access/security mode is communicated to the remote network, the remote network could restrict use of the network by the computer in accordance with the computer's access/security mode.
- two location areas could be implemented.
- One area might include the normal location of the computer during regular business hours, such as the company's location, while another area might be defined as being outside the company.
- one security mode could be applied.
- a different set of rules could be applied.
- the various security modes can be invoked, for example, during the boot up process during which the computer's processor could use the location module 122 to determine its location.
- the processor 102 compares its location to a plurality of location areas to determine in which area the computer is located. Based on the location area, the computer would then boot up with or otherwise invoke a access/security mode preset for that location area.
- the selection of the access/security mode could be performed when a user is using the computer 100 to log on to a remote network via the communication port 120 .
- the computer could be programmed to re-evaluate its location at a predetermined interval of time and re-set its security mode if the computer has been transported from one location area to another. Further still, the computer could be programmed to re-evaluate its location before attempting to perform certain transactions, such as accessing certain pre-designated files or applications on the network.
- the access/security mode introduced above is intended to be invoked in addition to whatever normal security features have been put in place for the user.
- the user normally may be granted full access to all data and applications or be granted limited access to the data and applications.
- the access/security modes invoked based on location are intended to provide an additional layer of security on top of the normal security restrictions imposed for the user by, for example, a network administrator. Thus, the access/security modes either provide no further restrictions or provide additional restrictions. If a user normally is not granted access to a certain file, the security modes described herein would not undo that restriction to grant access to the user.
- each security mode includes.
- the modes can apply to the local machine and its operation or to access to a remote network.
- One mode could permit a user to log on to the local or remote network and be granted full access privileges meaning that the user could access all information and applications normally afforded to that user.
- This mode might be used, for example, if the user's computer was located in his or her office.
- Another mode could restrict access to data and/or applications. For example, in this latter mode the user might be restricted to email access only.
- certain or all files can be designated “read only” and not changeable by the user in this mode. Further still, certain files or programs can be made inaccessible by the computer while in this mode.
- Such inaccessibility can be implemented by simply not showing an icon on the display 114 for the files or applications which are designated as off limits to the user.
- the icon could be shown on the display thereby permitting the user the ability to try to view or run that file or application, but the security mode will prevent the file from actually being viewed or the application from being run.
- an error message could shown on the display 114 alerting the user that the selected file/application is outside the privileges for that user in the current location area.
- ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇ ⁇
- the access/security modes for each of these six location areas can be defined differently for each area or two or more areas can have the same security mode.
- the “at work” location area can be assigned a security mode that provides full access privileges.
- the security mode for location number six i.e., any other location not already defined
- Locations 2-5 can be implemented with security modes that limit access as desired.
- Each location area preferably is defined in accordance with the location reporting capabilities of the computer's location module 122 .
- the location module reports a location in terms of a longitude and latitude coordinate
- the boundaries of the location areas are similarly defined in terms of longitude and latitude coordinates.
- the location area can be defined using a plurality of coordinates to define various vertices or a single coordinate could be used to represent the center of the location area. In this latter approach, the location area could be defined by all locations within a predetermined range of the center coordinate, effectively defining the location area as circle.
- the computer system 100 and the remote network to which it communicates preferably implement a methodology for the remote network to verify the authenticity of computer 100 , in particular the location reporting capabilities of the computer.
- suitable methodology can be used in this regard. For example, the Trusted Computing Platform Association, Main Specification, Version 1.1, incorporated herein by reference, can be used.
- This method specifies that the computer's processor 102 executes code to measure various software and hardware characteristics of the system.
- One such characteristic could be a predetermined attribute or signal from the location module.
- This information then could be converted into a digital certificate in accordance with well-known techniques.
- the certificate would then be transferred through the computer's communication port 120 to the remote network which verifies the certificate in accordance with well-known techniques. If the certificate is successfully verified, the remote network is assured that the computer system 100 is authentic and valid and, accordingly, the network permits access by the computer in accordance with the security mode invoked by the computer.
Abstract
Description
- Not applicable
- Not applicable.
- 1. Field of the Invention
- The present invention generally relates to computer security. More particularly, the resent invention relates to location-based computer identity which can be seen as a component in security system. Still more particularly, the invention relates to the use of a location device, such as GPS receiver, to select one of a plurality of user access or security modes based on the location of the computer.
- 2. Background of the Invention
- For years computer security has been a concern. Computer systems of individuals and especially corporations typically include confidential and valuable information. Early on, identity, and security, were established by requiring a user to enter a correct password to log on to the system. The use of passwords still remains one of the most widely used security techniques.
- The concern for identity and security has increased with the advent of portable computers which can be used to remotely obtain access to a network. For example, a laptop computer can be used from a remote location, such as a house or a hotel room, to log on to a company's network. Often, a password is required before access is permitted. Typically, once the user's password is successfully verified, that user will have full access to the network, just as if the user had logged in from his or her office at the company. In the past systems could define access based on the connection point, but even that differentiation is gone.
- Although generally satisfactory, this type of security methodology is not without its problems. For instance, if the laptop computer was stolen and the thief also stole or could guess the password, the thief could remotely gain access to the company's network and thus confidential information. In such an instance, for obvious reasons it would be highly desirable to preclude access to the network or at least reduce access privileges. Even apart from the context of a theft, a company might desire to reduce access to certain information from locations outside the physical confines of the company, even by authorized personnel. Accordingly, an access control or security system is needed which addresses these concerns.
- The problems noted above are solved by an electronic system (e.g., portable computer device) embodying an access control (or security) system which provides varying levels of access based on the location of the system. As such, the system includes a location module, such as a geosynchronous positioning system (“GPS”) receiver. This would permit the system to determine its location relative to a plurality of preset location areas. Such location areas might be programmed to include the user's office, home, predetermined location for a business trip and the like.
- During boot up, or at another time, the system determines in which location area it currently is located and invokes an access mode associated with that particular location area. The various access modes can range from permitting the user full access to a local system or remote network, to permitting very limited access to a local system or remote network or to any access to the local or remote system. Such limited access might be limited to just email access or read only access to certain files contained on a remote network or on the local computer system itself. The various location areas preferably are predefined and can be updated whenever necessary by the user or a network administrator.
- For a detailed description of the preferred embodiments of the invention, reference will now be made to the accompanying drawings in which:
- FIG. 1 is a preferred computer system diagram in which a location module is included as a basis for the security system of the computer.
- Certain terms are used throughout the following description and claims to refer to particular system components. As one skilled in the art will appreciate, computer companies may refer to a given component by different names. This document does not intend to distinguish between components that differ in name but not function. In the following discussion and in the claims, the terms “including” and “comprising” are used in an open-ended fashion, and thus should be interpreted to mean “including, but not limited to . . . ” Also, the term “couple” or “couples” is intended to mean either an indirect or direct electrical connection. Thus, if a first device “couples” to a second device, that connection may be through a direct electrical connection, or through an indirect electrical connection via other devices and connections. To the extent that any term is not specially defined in this specification, the intent is that the term is to be given its plain and ordinary meaning.
- Referring now to FIG. 1, an
electronic system 100 constructed in accordance with the preferred embodiment of the invention is shown.System 100 preferably comprises a computer system and more preferably a portable computer (e.g., a desktop computer or a laptop or handheld device). As shown,computer system 100 includes ahost processor 102, anorth bridge 104,system memory 106, asouth bridge 110, an input device 112 (e.g., a mouse or keyboard), adisplay subsystem 114, and variousperipheral devices north bridge 104 via abus 108. The north bridge couples to theprocessor 102,memory 106 anddisplay subsystem 114, and couples to thesouth bridge 110 viabus 108 which preferably comprises a peripheral component interconnect (“PCI”) bus (or equivalent). As shown, theperipheral devices PCI bus 108, but alternatively may attach to the system in other ways. -
Peripheral device 120 preferably comprises a communication port to provide access to a remote network.Device 120 may comprise, for example, network interface card (“NIC”), modem or other means for permitting thecomputer 100 to communicate with a remote network. -
Peripheral device 122 preferably comprises a location module which provides location information to the computer. The location information may be an absolute location or a location relative to a reference point. The module may include a geosynchronous positioning system (“GPS”) receiver, a low earth orbit satellite (“LEOS”) receiver, or any other type of device that provide spatial location information to the computer. By way of further example, thelocation module 122 may comprise a cellular telephone transceiver which, using triangulation, can be used to provide location information. Preferably, thelocation module 122 is selected and designed to provide whatever accuracy is desired. - In accordance with the preferred embodiment of the invention, the
computer 100 implements an access/security scheme or mode (generally referred to as an “operating mode” in the claims) that is based on the location of the computer. The access/security modes specify certain log on and/or access privileges to a local system or remote network and are thus dependent on the location of the computer relative to a plurality of predetermined or programmed location areas. Once it is determined in which location area the computer currently resides, an access/security mode predetermined for that particular area is invoked. By providing a plurality of access/security modes which are individually selected based on where the computer is located, security can be customized to location. For example, access can be decreased or the security can be increased as the computer moves outside a geographic region (e.g., the user's office). The access/security mode can be implemented on thecomputer 100 itself and/or communicated to the remote network for implementation. If the access/security mode is communicated to the remote network, the remote network could restrict use of the network by the computer in accordance with the computer's access/security mode. - By way of example, two location areas could be implemented. One area might include the normal location of the computer during regular business hours, such as the company's location, while another area might be defined as being outside the company. Thus, if the
computer 100 is within the company's confines, one security mode could be applied. However, if the computer is outside the company's confines, a different set of rules could be applied. The various security modes can be invoked, for example, during the boot up process during which the computer's processor could use thelocation module 122 to determine its location. Theprocessor 102 then compares its location to a plurality of location areas to determine in which area the computer is located. Based on the location area, the computer would then boot up with or otherwise invoke a access/security mode preset for that location area. Also, the selection of the access/security mode could be performed when a user is using thecomputer 100 to log on to a remote network via thecommunication port 120. Further, the computer could be programmed to re-evaluate its location at a predetermined interval of time and re-set its security mode if the computer has been transported from one location area to another. Further still, the computer could be programmed to re-evaluate its location before attempting to perform certain transactions, such as accessing certain pre-designated files or applications on the network. - The access/security mode introduced above is intended to be invoked in addition to whatever normal security features have been put in place for the user. The user normally may be granted full access to all data and applications or be granted limited access to the data and applications. The access/security modes invoked based on location are intended to provide an additional layer of security on top of the normal security restrictions imposed for the user by, for example, a network administrator. Thus, the access/security modes either provide no further restrictions or provide additional restrictions. If a user normally is not granted access to a certain file, the security modes described herein would not undo that restriction to grant access to the user.
- There is a great deal of flexibility on what each security mode includes. The modes can apply to the local machine and its operation or to access to a remote network. One mode could permit a user to log on to the local or remote network and be granted full access privileges meaning that the user could access all information and applications normally afforded to that user. This mode might be used, for example, if the user's computer was located in his or her office. Another mode could restrict access to data and/or applications. For example, in this latter mode the user might be restricted to email access only. Also, certain or all files can be designated “read only” and not changeable by the user in this mode. Further still, certain files or programs can be made inaccessible by the computer while in this mode. Such inaccessibility can be implemented by simply not showing an icon on the
display 114 for the files or applications which are designated as off limits to the user. Alternatively, the icon could be shown on the display thereby permitting the user the ability to try to view or run that file or application, but the security mode will prevent the file from actually being viewed or the application from being run. Instead, an error message could shown on thedisplay 114 alerting the user that the selected file/application is outside the privileges for that user in the current location area. - Additionally, if desired more than two location areas can be implemented. The following is one example of a six location area implementation. It should be understood, however, that the only requirement is that at least two location areas be implemented. An exemplary six location area implementation might include:
- 1. the user's office his or her company location,
- 2. the company location outside the user's office, but in the user's building (assuming a multi-building company),
- 3. the company location outside the user's building,
- 4. the user's home,
- 5. a certain location apart from the company location and the user's home (e.g., a location used on a business trip), and
- 6. any other location not identified in the preceding five location areas.
- The access/security modes for each of these six location areas can be defined differently for each area or two or more areas can have the same security mode. For example, the “at work” location area can be assigned a security mode that provides full access privileges. By contrast, the security mode for location number six (i.e., any other location not already defined) could be defined with a set of security rules that only permits very limited access to the network (e.g. email only). Locations 2-5 can be implemented with security modes that limit access as desired.
- Each location area preferably is defined in accordance with the location reporting capabilities of the computer's
location module 122. For example, if the location module reports a location in terms of a longitude and latitude coordinate, then the boundaries of the location areas are similarly defined in terms of longitude and latitude coordinates. The location area can be defined using a plurality of coordinates to define various vertices or a single coordinate could be used to represent the center of the location area. In this latter approach, the location area could be defined by all locations within a predetermined range of the center coordinate, effectively defining the location area as circle. One of ordinary skill in the art should appreciate numerous ways to define the various location areas and this disclosure and the claims which follow should be interpreted to embrace all such techniques. - It may be possible for an unauthorized person to modify location module of the
computer system 100 in such a way to “fool” the computer into determining it is in one location area when, in fact, the computer is actually in another location area. By making the computer think it is in an incorrect location area, a security mode more favorable to the desires of the unauthorized person may be invoked. To prevent this from happening, thecomputer system 100 and the remote network to which it communicates preferably implement a methodology for the remote network to verify the authenticity ofcomputer 100, in particular the location reporting capabilities of the computer. In suitable methodology can be used in this regard. For example, the Trusted Computing Platform Association, Main Specification, Version 1.1, incorporated herein by reference, can be used. This method specifies that the computer'sprocessor 102 executes code to measure various software and hardware characteristics of the system. One such characteristic could be a predetermined attribute or signal from the location module. This information then could be converted into a digital certificate in accordance with well-known techniques. The certificate would then be transferred through the computer'scommunication port 120 to the remote network which verifies the certificate in accordance with well-known techniques. If the certificate is successfully verified, the remote network is assured that thecomputer system 100 is authentic and valid and, accordingly, the network permits access by the computer in accordance with the security mode invoked by the computer. - The above discussion is meant to be illustrative of the principles and various embodiments of the present invention. Numerous variations and modifications will become apparent to those skilled in the art once the above disclosure is fully appreciated. It is intended that the following claims be interpreted to embrace all such variations and modifications.
Claims (24)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/006,331 US7051196B2 (en) | 2001-12-05 | 2001-12-05 | Location-based security for a portable computer |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/006,331 US7051196B2 (en) | 2001-12-05 | 2001-12-05 | Location-based security for a portable computer |
Publications (2)
Publication Number | Publication Date |
---|---|
US20030105971A1 true US20030105971A1 (en) | 2003-06-05 |
US7051196B2 US7051196B2 (en) | 2006-05-23 |
Family
ID=21720375
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/006,331 Active 2024-04-24 US7051196B2 (en) | 2001-12-05 | 2001-12-05 | Location-based security for a portable computer |
Country Status (1)
Country | Link |
---|---|
US (1) | US7051196B2 (en) |
Cited By (31)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030188199A1 (en) * | 2002-03-28 | 2003-10-02 | Fujitsu Limited | Method of and device for information security management, and computer product |
WO2005069179A1 (en) * | 2004-01-12 | 2005-07-28 | International Business Machines Corporation | Method for enabling compliance with export restrictions |
US20050216466A1 (en) * | 2004-03-29 | 2005-09-29 | Fujitsu Limited | Method and system for acquiring resource usage log and computer product |
EP1594037A2 (en) * | 2004-05-03 | 2005-11-09 | Microsoft Corporation | Context-aware display platform and applications |
US20060015501A1 (en) * | 2004-07-19 | 2006-01-19 | International Business Machines Corporation | System, method and program product to determine a time interval at which to check conditions to permit access to a file |
WO2006022828A1 (en) * | 2004-03-02 | 2006-03-02 | The Boeing Company | Security for a cargo container |
EP1643407A1 (en) * | 2004-09-29 | 2006-04-05 | Lucent Technologies Inc. | Method for disabling a computing device based on the location of the computing device |
US20060095389A1 (en) * | 2004-10-29 | 2006-05-04 | Kabushiki Kaisha Toshiba | Information processing apparatus and operation control method |
US20070202838A1 (en) * | 2006-02-28 | 2007-08-30 | Ronald Zancola | System and method for locating a wireless device |
US20070241889A1 (en) * | 2006-04-10 | 2007-10-18 | The Boeing Company | Container security system |
US20070271600A1 (en) * | 2004-01-20 | 2007-11-22 | Cisco Technology, Inc. | Assuring physical security of a subscriber line device |
US20080107274A1 (en) * | 2006-06-21 | 2008-05-08 | Rf Code, Inc. | Location-based security, privacy, assess control and monitoring system |
US20080209515A1 (en) * | 2007-02-22 | 2008-08-28 | Wael Ibrahim | Location attestation service |
US20080271150A1 (en) * | 2007-04-30 | 2008-10-30 | Paul Boerger | Security based on network environment |
GB2460143A (en) * | 2008-05-23 | 2009-11-25 | Exacttrak Ltd | Secure memory device with wide area communications |
US20100175116A1 (en) * | 2009-01-06 | 2010-07-08 | Qualcomm Incorporated | Location-based system permissions and adjustments at an electronic device |
US20110302632A1 (en) * | 2009-01-16 | 2011-12-08 | David Garrett | Method and System for Supporting Visitor Access Via a Broadband Gateway |
US8621656B2 (en) | 2010-07-06 | 2013-12-31 | Nokia Corporation | Method and apparatus for selecting a security policy |
US8856916B1 (en) * | 2012-10-05 | 2014-10-07 | Symantec Corporation | User associated geo-location based reauthorization to protect confidential information |
US8898793B2 (en) | 2011-01-14 | 2014-11-25 | Nokia Corporation | Method and apparatus for adjusting context-based factors for selecting a security policy |
US8911507B1 (en) * | 2011-11-22 | 2014-12-16 | Symantec Corporation | Systems and methods for mitigating mobile device loss |
WO2015066013A1 (en) * | 2013-10-29 | 2015-05-07 | Mapquest, Inc. | Systems and methods for geolocation-based authentication and authorization |
US9330256B2 (en) | 2013-02-01 | 2016-05-03 | Qualcomm Incorporated | Location based process-monitoring |
US20160255097A1 (en) * | 2012-06-22 | 2016-09-01 | Intel Corporation | Providing Geographic Protection To A System |
US20160294804A1 (en) * | 2014-06-26 | 2016-10-06 | Rakuten, Inc. | Information processing apparatus, information processing method, and information processing program |
US9477825B1 (en) * | 2015-07-10 | 2016-10-25 | Trusted Mobile, Llc | System for transparent authentication across installed applications |
TWI571715B (en) * | 2013-10-22 | 2017-02-21 | 光寶電子(廣州)有限公司 | Control device with automatically adjusting function |
US9798876B1 (en) | 2015-08-19 | 2017-10-24 | Symantec Corporation | Systems and methods for creating security profiles |
US10261565B2 (en) * | 2014-01-09 | 2019-04-16 | International Business Machines Corporation | Enhanced security and resource utilization in a multi-operating system environment |
US11550885B2 (en) * | 2020-04-16 | 2023-01-10 | Bank Of America Corporation | Security enabled false desktop computing environment |
US11921859B2 (en) * | 2021-11-04 | 2024-03-05 | Dell Products L.P. | System and method for managing device security during startup |
Families Citing this family (32)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8041817B2 (en) | 2000-06-30 | 2011-10-18 | At&T Intellectual Property I, Lp | Anonymous location service for wireless networks |
US6804699B1 (en) | 2000-07-18 | 2004-10-12 | Palmone, Inc. | Identifying and locating lost or stolen personal digital assistant devices via a landline- or wireless-connected web server |
US7110749B2 (en) | 2000-12-19 | 2006-09-19 | Bellsouth Intellectual Property Corporation | Identity blocking service from a wireless service provider |
US7245925B2 (en) * | 2000-12-19 | 2007-07-17 | At&T Intellectual Property, Inc. | System and method for using location information to execute an action |
US7116977B1 (en) | 2000-12-19 | 2006-10-03 | Bellsouth Intellectual Property Corporation | System and method for using location information to execute an action |
US7224978B2 (en) | 2000-12-19 | 2007-05-29 | Bellsouth Intellectual Property Corporation | Location blocking service from a wireless service provider |
US7130630B1 (en) | 2000-12-19 | 2006-10-31 | Bellsouth Intellectual Property Corporation | Location query service for wireless networks |
US7428411B2 (en) * | 2000-12-19 | 2008-09-23 | At&T Delaware Intellectual Property, Inc. | Location-based security rules |
US7181225B1 (en) | 2000-12-19 | 2007-02-20 | Bellsouth Intellectual Property Corporation | System and method for surveying wireless device users by location |
US7085555B2 (en) | 2000-12-19 | 2006-08-01 | Bellsouth Intellectual Property Corporation | Location blocking service from a web advertiser |
US7591020B2 (en) * | 2002-01-18 | 2009-09-15 | Palm, Inc. | Location based security modification system and method |
US20040193902A1 (en) * | 2003-03-31 | 2004-09-30 | Vogler Dean H. | Digital content rendering device and method |
CN1774687A (en) * | 2003-04-14 | 2006-05-17 | 松下电器产业株式会社 | Client end server authenticationn using challenge response principle |
JP2005145351A (en) * | 2003-11-18 | 2005-06-09 | Tokai Rika Co Ltd | Vehicle theft preventive device |
US7660914B2 (en) | 2004-05-03 | 2010-02-09 | Microsoft Corporation | Auxiliary display system architecture |
US7558884B2 (en) * | 2004-05-03 | 2009-07-07 | Microsoft Corporation | Processing information received at an auxiliary computing device |
US7577771B2 (en) * | 2004-05-03 | 2009-08-18 | Microsoft Corporation | Caching data for offline display and navigation of auxiliary information |
US7664751B2 (en) | 2004-09-30 | 2010-02-16 | Google Inc. | Variable user interface based on document access privileges |
US7603355B2 (en) | 2004-10-01 | 2009-10-13 | Google Inc. | Variably controlling access to content |
US20060174329A1 (en) * | 2005-01-28 | 2006-08-03 | Microsoft Corporation | Controlling access to location information using time-of-day restrictions |
JP2007102363A (en) * | 2005-09-30 | 2007-04-19 | Toshiba Corp | Information processor and control method therefor |
US20070200674A1 (en) * | 2006-02-14 | 2007-08-30 | Garmin Ltd., A Cayman Islands Corporation | Electronic device having a location-based security feature |
JP4665882B2 (en) * | 2006-10-03 | 2011-04-06 | トヨタ自動車株式会社 | Vehicle door lock control device |
US8135798B2 (en) * | 2006-11-15 | 2012-03-13 | Hewlett-Packard Development Company, L.P. | Over-the-air device services and management |
US7603435B2 (en) | 2006-11-15 | 2009-10-13 | Palm, Inc. | Over-the-air device kill pill and lock |
US7769993B2 (en) * | 2007-03-09 | 2010-08-03 | Microsoft Corporation | Method for ensuring boot source integrity of a computing system |
US7917741B2 (en) * | 2007-04-10 | 2011-03-29 | Standard Microsystems Corporation | Enhancing security of a system via access by an embedded controller to a secure storage device |
US8555336B1 (en) | 2008-03-27 | 2013-10-08 | Mcafee, Inc. | System, method, and computer program product for a pre-deactivation grace period |
US8645423B2 (en) * | 2008-05-02 | 2014-02-04 | Oracle International Corporation | Method of partitioning a database |
US9411970B2 (en) | 2011-08-19 | 2016-08-09 | Microsoft Technology Licensing, Llc | Sealing secret data with a policy that includes a sensor-based constraint |
US8948391B2 (en) | 2012-11-13 | 2015-02-03 | Lenovo Enterprise Solutions (Singapore) Pte. Ltd. | Secure communication method |
US9781602B1 (en) | 2016-03-31 | 2017-10-03 | Ca, Inc. | Geographically based access management for internet of things device data |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5812961A (en) * | 1995-12-28 | 1998-09-22 | Trimble Navigation Limited | Method and reciever using a low earth orbiting satellite signal to augment the global positioning system |
US5922073A (en) * | 1996-01-10 | 1999-07-13 | Canon Kabushiki Kaisha | System and method for controlling access to subject data using location data associated with the subject data and a requesting device |
US6418533B2 (en) * | 1997-08-29 | 2002-07-09 | Compaq Information Technologies Group, L.P. | “J” system for securing a portable computer which optionally requires an entry of an invalid power on password (POP), by forcing an entry of a valid POP |
US20020094777A1 (en) * | 2001-01-16 | 2002-07-18 | Cannon Joseph M. | Enhanced wireless network security using GPS |
-
2001
- 2001-12-05 US US10/006,331 patent/US7051196B2/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5812961A (en) * | 1995-12-28 | 1998-09-22 | Trimble Navigation Limited | Method and reciever using a low earth orbiting satellite signal to augment the global positioning system |
US5922073A (en) * | 1996-01-10 | 1999-07-13 | Canon Kabushiki Kaisha | System and method for controlling access to subject data using location data associated with the subject data and a requesting device |
US6418533B2 (en) * | 1997-08-29 | 2002-07-09 | Compaq Information Technologies Group, L.P. | “J” system for securing a portable computer which optionally requires an entry of an invalid power on password (POP), by forcing an entry of a valid POP |
US20020094777A1 (en) * | 2001-01-16 | 2002-07-18 | Cannon Joseph M. | Enhanced wireless network security using GPS |
Cited By (54)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030188199A1 (en) * | 2002-03-28 | 2003-10-02 | Fujitsu Limited | Method of and device for information security management, and computer product |
WO2005069179A1 (en) * | 2004-01-12 | 2005-07-28 | International Business Machines Corporation | Method for enabling compliance with export restrictions |
US20070271600A1 (en) * | 2004-01-20 | 2007-11-22 | Cisco Technology, Inc. | Assuring physical security of a subscriber line device |
WO2006022828A1 (en) * | 2004-03-02 | 2006-03-02 | The Boeing Company | Security for a cargo container |
US7405655B2 (en) | 2004-03-02 | 2008-07-29 | The Boeing Company | Security for a cargo container |
US20060261944A1 (en) * | 2004-03-02 | 2006-11-23 | Ng Joseph S | Security for a cargo container |
US20050216466A1 (en) * | 2004-03-29 | 2005-09-29 | Fujitsu Limited | Method and system for acquiring resource usage log and computer product |
EP1594037A3 (en) * | 2004-05-03 | 2012-03-14 | Microsoft Corporation | Context-aware display platform and applications |
EP1594037A2 (en) * | 2004-05-03 | 2005-11-09 | Microsoft Corporation | Context-aware display platform and applications |
AU2005201789B2 (en) * | 2004-05-03 | 2010-04-08 | Microsoft Corporation | Context-aware auxiliary display platform and applications |
US20060015501A1 (en) * | 2004-07-19 | 2006-01-19 | International Business Machines Corporation | System, method and program product to determine a time interval at which to check conditions to permit access to a file |
EP1643407A1 (en) * | 2004-09-29 | 2006-04-05 | Lucent Technologies Inc. | Method for disabling a computing device based on the location of the computing device |
EP1653386A3 (en) * | 2004-10-29 | 2006-12-27 | Kabushiki Kaisha Toshiba | Information processing apparatus and operation control method |
US20060095389A1 (en) * | 2004-10-29 | 2006-05-04 | Kabushiki Kaisha Toshiba | Information processing apparatus and operation control method |
US20070202838A1 (en) * | 2006-02-28 | 2007-08-30 | Ronald Zancola | System and method for locating a wireless device |
US7504939B2 (en) * | 2006-02-28 | 2009-03-17 | Symbol Technologies, Inc. | System and method for locating a wireless device |
US20070241889A1 (en) * | 2006-04-10 | 2007-10-18 | The Boeing Company | Container security system |
US7737840B2 (en) | 2006-04-10 | 2010-06-15 | The Boeing Company | Container security system |
US8577042B2 (en) * | 2006-06-21 | 2013-11-05 | Rf Code, Inc. | Location-based security, privacy, access control and monitoring system |
US20080107274A1 (en) * | 2006-06-21 | 2008-05-08 | Rf Code, Inc. | Location-based security, privacy, assess control and monitoring system |
US8332928B2 (en) * | 2007-02-22 | 2012-12-11 | Hewlett-Packard Development Company, L.P. | Location attestation service |
US20080209515A1 (en) * | 2007-02-22 | 2008-08-28 | Wael Ibrahim | Location attestation service |
US20110185408A1 (en) * | 2007-04-30 | 2011-07-28 | Hewlett-Packard Development Company, L.P. | Security based on network environment |
US20080271150A1 (en) * | 2007-04-30 | 2008-10-30 | Paul Boerger | Security based on network environment |
GB2460143A (en) * | 2008-05-23 | 2009-11-25 | Exacttrak Ltd | Secure memory device with wide area communications |
US10122716B2 (en) | 2008-05-23 | 2018-11-06 | Exacttrak Limited | Secure storage device with on-board encryption control |
US9244862B2 (en) | 2008-05-23 | 2016-01-26 | Exacttrak Limited | Secure storage device permanently disabled by remote command |
US9967252B2 (en) | 2008-05-23 | 2018-05-08 | Exacttrak Limited | Secure storage device with automatic command filtering |
US20100175116A1 (en) * | 2009-01-06 | 2010-07-08 | Qualcomm Incorporated | Location-based system permissions and adjustments at an electronic device |
US9928500B2 (en) | 2009-01-06 | 2018-03-27 | Qualcomm Incorporated | Location-based system permissions and adjustments at an electronic device |
US8961619B2 (en) * | 2009-01-06 | 2015-02-24 | Qualcomm Incorporated | Location-based system permissions and adjustments at an electronic device |
US9167005B2 (en) * | 2009-01-16 | 2015-10-20 | Broadcom Corporation | Method and system for supporting visitor access via a broadband gateway |
US20110302632A1 (en) * | 2009-01-16 | 2011-12-08 | David Garrett | Method and System for Supporting Visitor Access Via a Broadband Gateway |
US8621656B2 (en) | 2010-07-06 | 2013-12-31 | Nokia Corporation | Method and apparatus for selecting a security policy |
US8898793B2 (en) | 2011-01-14 | 2014-11-25 | Nokia Corporation | Method and apparatus for adjusting context-based factors for selecting a security policy |
US8911507B1 (en) * | 2011-11-22 | 2014-12-16 | Symantec Corporation | Systems and methods for mitigating mobile device loss |
US20160255097A1 (en) * | 2012-06-22 | 2016-09-01 | Intel Corporation | Providing Geographic Protection To A System |
US10218711B2 (en) * | 2012-06-22 | 2019-02-26 | Intel Corporation | Providing geographic protection to a system |
US8856916B1 (en) * | 2012-10-05 | 2014-10-07 | Symantec Corporation | User associated geo-location based reauthorization to protect confidential information |
US9330256B2 (en) | 2013-02-01 | 2016-05-03 | Qualcomm Incorporated | Location based process-monitoring |
TWI571715B (en) * | 2013-10-22 | 2017-02-21 | 光寶電子(廣州)有限公司 | Control device with automatically adjusting function |
US9622077B2 (en) | 2013-10-29 | 2017-04-11 | Mapquest, Inc. | Systems and methods for geolocation-based authentication and authorization |
US9253198B2 (en) | 2013-10-29 | 2016-02-02 | Mapquest, Inc. | Systems and methods for geolocation-based authentication and authorization |
US9961088B2 (en) | 2013-10-29 | 2018-05-01 | Mapquest, Inc. | Systems and methods for geolocation-based authentication and authorization |
WO2015066013A1 (en) * | 2013-10-29 | 2015-05-07 | Mapquest, Inc. | Systems and methods for geolocation-based authentication and authorization |
US10261565B2 (en) * | 2014-01-09 | 2019-04-16 | International Business Machines Corporation | Enhanced security and resource utilization in a multi-operating system environment |
US10310581B2 (en) | 2014-01-09 | 2019-06-04 | International Business Machines Corporation | Enhanced security and resource utilization in a multi-operating system environment |
US9813410B2 (en) * | 2014-06-26 | 2017-11-07 | Rakuten, Inc. | Information processing apparatus, information processing method, and information processing program |
US20160294804A1 (en) * | 2014-06-26 | 2016-10-06 | Rakuten, Inc. | Information processing apparatus, information processing method, and information processing program |
US9992023B2 (en) | 2015-07-10 | 2018-06-05 | Trusted Mobile, Llc | System for transparent authentication across installed applications |
US9477825B1 (en) * | 2015-07-10 | 2016-10-25 | Trusted Mobile, Llc | System for transparent authentication across installed applications |
US9798876B1 (en) | 2015-08-19 | 2017-10-24 | Symantec Corporation | Systems and methods for creating security profiles |
US11550885B2 (en) * | 2020-04-16 | 2023-01-10 | Bank Of America Corporation | Security enabled false desktop computing environment |
US11921859B2 (en) * | 2021-11-04 | 2024-03-05 | Dell Products L.P. | System and method for managing device security during startup |
Also Published As
Publication number | Publication date |
---|---|
US7051196B2 (en) | 2006-05-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7051196B2 (en) | Location-based security for a portable computer | |
US7149529B2 (en) | Method and system for controlling selective wireless communication access | |
EP2071883B1 (en) | Apparatus, method, program and recording medium for protecting data in a wireless communication terminal | |
US9811381B2 (en) | Resource restriction systems and methods | |
US7000116B2 (en) | Password value based on geographic location | |
US6125457A (en) | Networked computer security system | |
US8301910B2 (en) | Intelligent, export/import restriction-compliant portable computer device | |
US7080402B2 (en) | Access to applications of an electronic processing device solely based on geographic location | |
EP0915600B1 (en) | Distributed object system and service supply method therein | |
US20060031830A1 (en) | System with location-sensitive software installation method | |
US20110185408A1 (en) | Security based on network environment | |
EP0762289A2 (en) | Method and system for securely controlling access to system resources in a distributed system | |
US20050086391A1 (en) | Location sensitive software download | |
JP2002544583A (en) | Method and apparatus for enabling a display of an electronic device based on an interval | |
KR20020036696A (en) | Method to use secure passwords in an unsecure program environment | |
JPH0934838A (en) | Method and apparatus for search of user's credentials in distributed computer environment | |
EP1604482A2 (en) | Data processing system with peripheral access protection and method therefor | |
US20080243854A1 (en) | Information processing system | |
ATE206218T1 (en) | SYSTEM AND METHOD FOR SECURELY MANAGING DESKTOP ENVIRONMENTS OVER A NETWORK | |
JPH09152990A (en) | Access control system and its method | |
US7743412B1 (en) | Computer system identification | |
US6134657A (en) | Method and system for access validation in a computer system | |
US20040054896A1 (en) | Event driven security objects | |
US6564325B1 (en) | Method of and apparatus for providing multi-level security access to system | |
US7137141B1 (en) | Single sign-on to an underlying operating system application |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: COMPAQ INFORMATION TECHNOLOGIES GROUP, L.P., TEXAS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ANGELO, MICHAEL F.;REEL/FRAME:012367/0464 Effective date: 20011130 |
|
AS | Assignment |
Owner name: COMPAQ INFORMATION TECHNOLOGIES GROUP L.P., TEXAS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:OLARIG, SOMPONG P.;REEL/FRAME:012730/0505 Effective date: 20020204 |
|
AS | Assignment |
Owner name: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P., TEXAS Free format text: CHANGE OF NAME;ASSIGNOR:COMPAQ INFORMATION TECHNOLOGIES GROUP LP;REEL/FRAME:014628/0103 Effective date: 20021001 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
CC | Certificate of correction | ||
FPAY | Fee payment |
Year of fee payment: 4 |
|
FPAY | Fee payment |
Year of fee payment: 8 |
|
FPAY | Fee payment |
Year of fee payment: 12 |